authorjim-p <jimp@pfsense.org>2015-10-05 15:34:15 -0400
committerjim-p <jimp@pfsense.org>2015-10-05 15:34:15 -0400
commit6928c912712d57a44e2cf685283cb566937933ca (patch)
tree59f7d6aaeba509750ab21120e22181904a24c961
parent609bdbdee961cbe6f4b94ae5858131a87e9ac52c (diff)
Better handling of filenames in the IP Reputation browser and management.
-rw-r--r--config/snort/snort_ip_reputation.php8
-rw-r--r--config/snort/snort_iprep_list_browser.php4
2 files changed, 6 insertions, 6 deletions
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index c190b0e6..58098fe2 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -78,7 +78,7 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
// See if the file is already assigned to the interface
foreach ($a_nat[$id]['blist_files']['item'] as $f) {
if ($f == basename($_POST['iplist'])) {
- $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ $input_errors[] = sprintf(gettext("The file %s is already assigned as a blacklist file."), htmlspecialchars($f));
break;
}
}
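Review bot: The added `htmlspecialchars($f)` relies on the default flags and charset, which differ between PHP versions; before PHP 8.1 the default leaves single quotes unencoded. Passing them explicitly, `htmlspecialchars($f, ENT_QUOTES, 'UTF-8')`, keeps the output predictable wherever the message is rendered, and the same applies to the three other calls added in this file (both "could not be found" messages and the whitelist duplicate message). The code that prints `$input_errors` is not in the diff: if it escapes as well, names containing `&` will display double-encoded, so a comment stating that entries in `$input_errors` are stored already HTML-escaped would help. The enclosing `if` blocks start and end outside these hunks.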
@@ -89,7 +89,7 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
}
}
else
- $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+ $input_errors[] = sprintf(gettext("The file '%s' could not be found."), htmlspecialchars($_POST['iplist']));
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
@@ -103,7 +103,7 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
// See if the file is already assigned to the interface
foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
if ($f == basename($_POST['iplist'])) {
- $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ $input_errors[] = sprintf(gettext("The file %s is already assigned as a whitelist file."), htmlspecialchars($f));
break;
}
}
@@ -114,7 +114,7 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
}
}
else
- $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+ $input_errors[] = sprintf(gettext("The file '%s' could not be found."), htmlspecialchars($_POST['iplist']));
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
index a13a2d37..42f1d595 100644
--- a/config/snort/snort_iprep_list_browser.php
+++ b/config/snort/snort_iprep_list_browser.php
@@ -83,9 +83,9 @@ foreach($files as $file):
<td></td>
<td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
<?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
- <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+ <div onClick="$('<?=$target;?>').value='<?=htmlspecialchars($filename)?>'; $('<?=$container;?>').hide();">
<img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
- &nbsp;<?=$file;?>
+ &nbsp;<?=htmlspecialchars($file);?>
</div>
</td>
<td align="right" class="vexpl">
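Review bot: In the `onClick` attribute, `htmlspecialchars($filename)` escapes for HTML only, but the value lands inside a single-quoted JavaScript string. The browser decodes the attribute's entities before the handler is compiled, so a quote in a file name still terminates the string literal even when it was entity-encoded, and a backslash is not touched at all. Encode for JavaScript first and for the attribute second, e.g. `.value=<?=htmlspecialchars(json_encode($filename, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP), ENT_QUOTES)?>;`, where the literal's quotes come from `json_encode`. `$target`, `$container`, `$fqpn` and `$type` are written into the same markup unescaped; their origin is outside the hunk, so confirm they are never request-controlled or encode them the same way.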